Dan Middleton, Vice President UK&I at Veeam, explains how best practices for modern data protection can better protect local governments from cyberattacks
Adequate protection against cyberattacks is vital, especially given the amount of sensitive data that local authorities host.
Traditionally, local governments were not up to date with the latest technology and relied on outdated IT infrastructure. Most of the services were still performed in person, and those who were online often lacked sophistication.
But the pandemic forced councils to accelerate their digital transformation plans almost overnight. One of the biggest impacts has been that local governments are now processing and storing more data than ever before. This trend is likely to continue, with benefits such as the automation of services, more inclusive access for citizens and the ability to offer employees more flexible ways of working. There will be no going back.
This change brings with it a considerable security challenge, especially for the bodies that still work with older IT systems. According to the UK government’s own research, these threats come in the form of cyber criminals, state actors and state sponsored attacks, terror groups, hacktivists and screenplay kiddies.
Of course, the councils are not alone. Cyber attacks are increasing in all industries around the world, and just recently one of the largest password collections of all time was leaked on a popular hacking forum.
It is now imperative for any business to leverage modern data protection to mitigate the cybersecurity risks that prevail in today’s increasingly data-intensive, digital world.
The UK government needs to keep an eye on its fragile supply chain
Mike Beck, global CISO at Darktrace, explains how AI can help the UK government identify supply chain compromises following the recent Gamarue attack. Read here
The cyber threat landscape
Given the hybrid nature of working and the current cyber threat landscape, many councils rely on inadequate data protection solutions and protocols. There have been a number of cyber attacks on councils recently, including stealing private documents and putting them publicly online. Pressure on the councils from digital threats is mounting.
Given the sensitive and diverse data councils, it is clear that modern data protection best practices need to be adapted to ensure that residents’ data is stored as securely as possible. With research by Tessian showing that 47% of people working from home fell for a phishing scam, that need is even more prevalent during the pandemic as hybrid working has become the norm.
Currently, most of the councils are not set up to follow them to implement better modern data protection practices. According to Veeam’s Freedom of Information report, every council has a disaster recovery plan in the event of an IT outage or failure. However, the research also found that only 15% of the councils test their systems regularly (once a month or more). Councils using older disaster recovery technologies are at higher risk because regular testing cannot be automated and reliability is not guaranteed.
With many councils introducing remote working when we leave the national lockdown, council presidents and IT teams need to focus on ensuring that all IT systems continue to be secured and tested on a regular basis.
To ensure that communities implement best practices to protect against cyberattacks, local authorities need clear modern data protection strategies to ensure that the data in their jurisdiction is protected and secured at all times. The failure of data protection and disaster recovery systems can have serious consequences for local authorities given the sensitivity of the data in their care. Therefore, scheduling automated tests on a regular basis is a way to increase confidence that authorities can successfully recover and restore data.
In addition, IT strategy, data storage and cyber security systems must be fit for purpose. They often need to be evaluated to ensure that companies have not developed a vulnerability. But in addition to looking inward, this evaluation and subsequent planning must also take into account that some attacks will most likely be successful. Annual reviews give companies the opportunity to act proactively following an attack.
After all, companies must not forget to train their employees. The employees make a significant contribution to the protection of data. All employees must be trained in how their organization stores, protects and secures data and minimizes the risk of introducing cyber attackers using common attack methods such as phishing.
How to mitigate the effects of an IT failure
This article examines how organizations can mitigate and prevent the operational impact of an IT outage. Read here
Councils have a lot of sensitive data, and that involves a great deal of responsibility. However, when faced with a strong and evolving threat landscape and the complexities of hybrid ways of working, local governments would benefit greatly from modern data protection. With this in mind, by following the best practices outlined above, communities can ensure that data is not lost or fall into the wrong hands and enable them to provide the best possible care for their residents.